@kykurniawan kykurniawan commented Nov 22, 2025

Summary

This release introduces multi-session token management, flexible JWT signing algorithms, event hooks, and several breaking changes to improve the overall API design.

Breaking Changes

  • Module path: Import path changed to github.com/openframebox/goauth/v2
  • TokenIssuer interface: CreateRefreshToken(ctx, auth, refreshing bool) changed to CreateRefreshToken(ctx, auth, oldToken *string)
  • StoreRefreshTokenFunc: Signature changed from (ctx, auth, token, refreshing bool) to (ctx, auth, token, oldToken *string)
  • Strategy constructors: Now use builder pattern (NewLocalStrategy(), NewJWTStrategy()) instead of struct literals
  • New required method: RevokeRefreshToken(ctx, token string) error added to TokenIssuer interface
  • Token struct: Added Type, IssuedAt, and SessionID fields

New Features

  • Multi-session support: Users can have multiple active sessions across devices
  • SessionTokenIssuer: New token issuer with full session management (list, revoke single, revoke all)
  • Multiple signing algorithms: HS256/384/512, RS256/384/512, ES256/384/512 via KeyProvider interface
  • Event hooks: OnBeforeAuthenticate, OnAfterAuthenticate, OnTokenIssued, OnTokenRevoked
  • Rate limiting: Built-in interfaces for LocalStrategy
  • Password validation: Optional bcrypt/argon2 integration in LocalStrategy
  • Token type validation: JWTStrategy can enforce access vs refresh token types
  • Thread-safe: Strategy registration protected with sync.RWMutex
  • New error types: RateLimitError, ValidationError, SessionError
  • TokenPair methods: IssueTokenPair(), RefreshTokenPair(), AuthenticateAndIssueTokenPair()

Files Changed

File                           Description
signing.go                     New KeyProvider interface with HMAC/RSA/ECDSA support
session_aware_token_issuer.go  New multi-session token issuer with builder pattern
interface.go                   Updated TokenIssuer, added SessionAwareTokenIssuer, AuthEventHooks
entity.go                      Added TokenType, TokenPair, SessionInfo types
errors.go                      Added RateLimitError, ValidationError, SessionError
http_errors.go                 Added ErrorResponse struct and ErrorResponseForError()
default_token_issuer.go        Updated callback signatures for token rotation
goauth.go                      Thread safety, event hooks, new TokenPair methods
local_strategy.go              Builder pattern, rate limiting, password validation
jwt_strategy.go                Builder pattern, token type validation, revocation check
example/http_server/main.go    New HTTP server example with all endpoints
example/main.go                Updated for multi-session demo
README.md                      Comprehensive v2 documentation with migration guide

Test Plan

  • All existing tests pass with updated API
  • Package builds successfully
  • Examples compile and run correctly

@kykurniawan kykurniawan merged commit b7211ea into main Nov 22, 2025
1 check passed